| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 1 | # surfaceflinger - display compositor service |
| 2 | |
| 3 | type surfaceflinger_exec, exec_type, file_type; |
| dcashman | cc39f63 | 2016-07-22 13:13:11 -0700 | [diff] [blame] | 4 | init_daemon_domain(surfaceflinger) |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 5 | |
| 6 | typeattribute surfaceflinger mlstrustedsubject; |
| 7 | |
| 8 | read_runtime_log_tags(surfaceflinger) |
| 9 | |
| 10 | # Perform HwBinder IPC. |
| 11 | hwbinder_use(surfaceflinger) |
| 12 | binder_call(surfaceflinger, hal_graphics_allocator) |
| 13 | binder_call(surfaceflinger, hal_graphics_composer) |
| 14 | binder_call(surfaceflinger, hal_configstore) |
| 15 | |
| 16 | # Perform Binder IPC. |
| 17 | binder_use(surfaceflinger) |
| 18 | binder_call(surfaceflinger, binderservicedomain) |
| 19 | binder_call(surfaceflinger, appdomain) |
| 20 | binder_call(surfaceflinger, bootanim) |
| 21 | binder_service(surfaceflinger) |
| 22 | |
| 23 | # Binder IPC to bu, presently runs in adbd domain. |
| 24 | binder_call(surfaceflinger, adbd) |
| 25 | |
| 26 | # Read /proc/pid files for Binder clients. |
| 27 | r_dir_file(surfaceflinger, binderservicedomain) |
| 28 | r_dir_file(surfaceflinger, appdomain) |
| 29 | |
| 30 | # Access the GPU. |
| 31 | allow surfaceflinger gpu_device:chr_file rw_file_perms; |
| 32 | |
| 33 | # Access /dev/graphics/fb0. |
| 34 | allow surfaceflinger graphics_device:dir search; |
| 35 | allow surfaceflinger graphics_device:chr_file rw_file_perms; |
| 36 | |
| 37 | # Access /dev/video1. |
| 38 | allow surfaceflinger video_device:dir r_dir_perms; |
| 39 | allow surfaceflinger video_device:chr_file rw_file_perms; |
| 40 | |
| 41 | # Create and use netlink kobject uevent sockets. |
| 42 | allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; |
| 43 | |
| 44 | # Set properties. |
| 45 | set_prop(surfaceflinger, system_prop) |
| 46 | set_prop(surfaceflinger, ctl_bootanim_prop) |
| 47 | |
| 48 | # Use open files supplied by an app. |
| 49 | allow surfaceflinger appdomain:fd use; |
| 50 | allow surfaceflinger app_data_file:file { read write }; |
| 51 | |
| 52 | # Allow a dumpstate triggered screenshot |
| 53 | binder_call(surfaceflinger, dumpstate) |
| 54 | binder_call(surfaceflinger, shell) |
| 55 | r_dir_file(surfaceflinger, dumpstate) |
| 56 | |
| 57 | # Needed on some devices for playing DRM protected content, |
| 58 | # but seems expected and appropriate for all devices. |
| 59 | allow surfaceflinger tee:unix_stream_socket connectto; |
| 60 | allow surfaceflinger tee_device:chr_file rw_file_perms; |
| 61 | |
| 62 | |
| 63 | # media.player service |
| 64 | add_service(surfaceflinger, gpu_service) |
| 65 | |
| 66 | # do not use add_service() as hal_graphics_composer_default may be the |
| 67 | # provider as well |
| 68 | #add_service(surfaceflinger, surfaceflinger_service) |
| 69 | allow surfaceflinger surfaceflinger_service:service_manager { add find }; |
| 70 | |
| 71 | allow surfaceflinger mediaserver_service:service_manager find; |
| 72 | allow surfaceflinger permission_service:service_manager find; |
| 73 | allow surfaceflinger power_service:service_manager find; |
| Jeff Vander Stoep | 8bf3b7a | 2017-02-10 13:33:56 -0800 | [diff] [blame^] | 74 | allow surfaceflinger vr_manager_service:service_manager find; |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 75 | allow surfaceflinger window_service:service_manager find; |
| 76 | |
| Jeff Vander Stoep | 8bf3b7a | 2017-02-10 13:33:56 -0800 | [diff] [blame^] | 77 | |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 78 | # allow self to set SCHED_FIFO |
| 79 | allow surfaceflinger self:capability sys_nice; |
| 80 | allow surfaceflinger proc_meminfo:file r_file_perms; |
| 81 | r_dir_file(surfaceflinger, cgroup) |
| 82 | r_dir_file(surfaceflinger, sysfs_type) |
| 83 | r_dir_file(surfaceflinger, system_file) |
| 84 | allow surfaceflinger tmpfs:dir r_dir_perms; |
| 85 | allow surfaceflinger system_server:fd use; |
| 86 | allow surfaceflinger ion_device:chr_file r_file_perms; |
| 87 | |
| Nick Bray | 084faf0 | 2017-02-09 15:15:11 -0800 | [diff] [blame] | 88 | # pdx IPC |
| 89 | pdx_server(surfaceflinger) |
| 90 | |
| 91 | use_pdx(surfaceflinger, bufferhubd) |
| 92 | use_pdx(surfaceflinger, performanced) |
| 93 | use_pdx(surfaceflinger, sensord) |
| 94 | |
| Alex Klyubin | 5d30beb | 2017-02-07 10:05:07 -0800 | [diff] [blame] | 95 | ### |
| 96 | ### Neverallow rules |
| 97 | ### |
| 98 | ### surfaceflinger should NEVER do any of this |
| 99 | |
| 100 | # Do not allow accessing SDcard files as unsafe ejection could |
| 101 | # cause the kernel to kill the process. |
| 102 | neverallow surfaceflinger sdcard_type:file rw_file_perms; |